Firewall Services

Firewall Management - NSX


Manage Firewall Rules, Services and Security Groups in VMware’s NSX from ServiceNow.

Business Challenge:

Managing multiple NSX instances and ensuring that Firewall Rules are consistently applied in all relevant areas of the infrastructure requires manual intervention and is often prone to human error. If a firewall rule is applied in production but forgotten or incorrectly applied in DR, the effort to locate this error and get it fixed can inadvertently consume support resources. In addition, the NSX web portal is designed for a administrator with advanced skills and knowledge for firewall and security group management.

Solution Details:

Centralized Management of Firewall or Security Group

Allows a user to request a firewall rule or security group from ServiceNow and it will create, modify, and delete across multiple NSX instances. User can group Virtual Machines in security groups to facilitate assignment of rules for specific applications or nodes. It will allow or block communication to specific ports or services. The user can also create custom services in NSX instance(s).

User Friendly Interface

User-friendly interface, which reduces the requirement to have a security administrator, involved. The security administrator and manager would get an approval request and when approved the firewall or security group request would be completed.

Datacenter Consistency

The centralized request allows the user to identify which NSX instances the request for a firewall rule or security group must be applied. When approved the request is processed automatically to all the NSX instances requested. For example, if a user needs port 443 opened on both production and DR site, one request will automatically create both Firewall Rules in both locations.

Native ITSM Integration
  • Service Request (SR): A new request automatically creates a SR in ServiceNow. Approval routings will occur based on the business rules established in ServiceNow. Once a SR is approved ServiceNow will automatically inform Firewall and the requested service will be completed.
  • Change Request (CR): A reconfiguration automatically creates a CR in ServiceNow. Approval routings will occur based on the business rules established in ServiceNow. Once a CR is approved ServiceNow will automatically inform NSX and the requested service will be completed.
  • Incident: Any failure in NSX will automatically create an incident in ServiceNow. The product will automatically parse the server logs in NSX and automatically attached the latest log entries to the incident to enable the incident owner to more rapidly asses the situation and take the appropriate troubleshooting actions.
  • Change Management Database (CMDB): The Auto Discovery capability constantly identifies changes and automatically records those changes with necessary time/date stamps in the ServiceNow CMDB.

Key Features

  • Create, Modify and Delete Firewall Rules in NSX and to more than one NSX from ServiceNow in a simple and easy to understand UI.
  • Allow or block communication to specific ports, or Services.
  • Create custom Services.
  • Firewall Rules to facilitate assignment of Firewall Rules to specific applications or nodes.
  • Create, Modify and Delete Security Groups from ServiceNow.


  • ServiceNow Kingston : Version Patch 4 +
  • ServiceNow CMP2 : Cloud Management Platform v2
  • ServiceNow Orchestration : Virtualization Core Components
  • ServiceNow Service : Catalog Platform
  • Windows or Linux MID Server : For ServiceNow Kingston
  • NSX 6.X

Download Soon

Download Links

The Cloud Factory Suite is certified by ServiceNOW and VMware. It can be downloaded through the ServiceNOW Store. Coming July 2018!